CVE-2021-26472

Sažetak

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.

Reference

https://csirt.divd.nl/2021/05/11/Vembu-zero-days/
https://csirt.divd.nl/cves/CVE-2021-26472/
https://csirt.divd.nl/cases/DIVD-2020-00011/
https://www.wbsec.nl/vembu

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

06-04-2022 - 16:47

Objavljeno

08-06-2021 - 19:15